Dr Jimbo Ransomware

Dr Jimbo Ransomware is a file-encrypting malware that can render your files permanently inaccessible. It encrypts them with a strong encryption algorithm that cannot practically be broken without the decryption key, and the only way offered to obtain that key is to pay the ransom its developers demand. We advise against paying and recommend removing the infection instead, because there is no guarantee that you will receive the promised key. We ran this ransomware on our test PC and found several details that should help you understand what you are dealing with.

Let us begin with this infection's origins. Our research suggests that it comes from an individual or group probably based in Russia or one of its neighboring states. We assume this because the cyber criminals want you to contact them through an address provided by a Russian email service, dr.jimbo@bk.ru. Bear in mind that a free email account is weak evidence of location, since it can be registered from anywhere. In any case, the infection's distribution is not limited to Russia: its ransom note is written in English, so it is aimed at an international audience.

Since this infection is new, not much is known about it, and its infection rates are low. We suspect that this is because its developers are preparing a newer version. Like most ransomware, Dr Jimbo Ransomware is distributed as an email attachment. It appears that its developers have set up a server dedicated to sending spam that carries this infection. We think those emails contain an archive, which might be self-extracting, but it could also be a regular archive, because testing has shown that the executable does not copy itself to a different location once you launch it manually. The executable should therefore still be wherever the attachment was saved or extracted. Note that it arrives as a single executable with a random name and no distinguishing traits, so you will have to identify it manually (for example, by its creation time in the download or extraction folder) or use an antimalware scanner such as SpyHunter to identify it for you.

If your computer becomes infected with Dr Jimbo Ransomware, it scans the system for files to encrypt and then encrypts files of all formats in all locations except %WINDIR%, so that the computer remains operational and you can use it to pay the ransom. We think this ransomware uses some variant of the AES encryption algorithm, but a more in-depth analysis is necessary to confirm this. In any case, the encryption is strong, and we know of no third-party tool that decrypts the files, so they may be lost permanently. Even so, we do not recommend contacting the cyber criminals and paying whatever amount they ask, because they might not keep their word and send you the decryption key. Keep copies of the encrypted files and the ransom note rather than deleting them; if a decryptor is released later, you will need them. The developers also threaten to damage your files beyond repair if you do not contact them within 48 hours of the infection, but again, you should not let them bully you into submission.

While encrypting your files, Dr Jimbo Ransomware appends the extension .encrypted to each file and creates a .txt ransom note in every folder where a file has been encrypted. It also creates a main note, How_To_Decrypt.txt, in the root of %HOMEDRIVE% and adds a value to the Windows Registry key HKCU\Software\Microsoft\Windows\CurrentVersion\Run with the value name Happy Letter and the value data %HOMEDRIVE%\How_To_Decrypt.txt. Run entries under HKCU are processed at each logon of that user, so the ransom note is opened in the default text editor every time the user signs in. Note that this entry points at the note, not at the executable, so removing it does not by itself remove the malware; the executable must be deleted separately as described below. Also, this infection does not lock the screen or block the Task Manager, so you can end its process if it is still running and delete it without obstruction.

In closing, Dr Jimbo Ransomware is a dangerous infection that can encrypt your files and render them useless if you do not have adequate protection in place. Paying the ransom is not recommended, whatever sum is asked. We suggest that you remove this ransomware using the guide found below.

How to delete Dr Jimbo Ransomware

Simultaneously press the Windows+E keys.

Enter the following locations in the address box, one at a time, to locate the Dr Jimbo executable (replace User with your own account name):

C:\Users\User\AppData\Roaming

C:\Users\User\AppData\Roaming\Microsoft\Windows

C:\Users\User\Downloads

Desktop

Delete the executable (if it is still running, end its process in the Task Manager first).

Then, enter %HOMEDRIVE% in the address box.

Delete How_To_Decrypt.txt

Delete the Registry value

Simultaneously press the Windows+R keys.

Type regedit in the dialog box and click OK.

In the Registry Editor, go to HKCU\Software\Microsoft\Windows\CurrentVersion\Run
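The manual steps above can also be scripted. The following PowerShell helper is an added example written for this page; it is not code from the original article or from the malware's authors. It checks the indicators described earlier (the Happy Letter value under the HKCU Run key, How_To_Decrypt.txt in the root of %HOMEDRIVE%, and files carrying the .encrypted extension) and lists candidate executables in the folders named in the guide. The -Remove switch, the two-hour time window and the creation-time heuristic for spotting the executable are assumptions of this example, not behaviour documented by the article; the executable is never deleted automatically, because its name is random and a wrong guess would remove a legitimate program.

```powershell
# Added example (not from the original article): triage and cleanup helper for the
# Dr Jimbo indicators described above. Run it in PowerShell under the affected user's
# account. Default is report-only; pass -Remove to delete the Run value and the main
# ransom note. Candidate executables are only listed, never deleted: review them first.
param(
    [switch]$Remove
)

$runKey    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$valueName = 'Happy Letter'                     # value name reported in the article
$notePath  = "$env:HOMEDRIVE\How_To_Decrypt.txt" # e.g. C:\How_To_Decrypt.txt
$ext       = '.encrypted'                       # extension appended to encrypted files

# Locations the removal guide lists as likely drop points for the executable.
$dropDirs = @(
    $env:APPDATA,
    (Join-Path $env:APPDATA 'Microsoft\Windows'),
    (Join-Path $env:USERPROFILE 'Downloads'),
    [Environment]::GetFolderPath('Desktop')
)

# 1. Persistence: the Run value that re-opens the ransom note at every logon.
$runValue = Get-ItemProperty -Path $runKey -Name $valueName -ErrorAction SilentlyContinue
if ($runValue) {
    Write-Host "[!] Run value '$valueName' present: $($runValue.$valueName)"
    if ($Remove) {
        Remove-ItemProperty -Path $runKey -Name $valueName
        Write-Host "    removed"
    }
} else {
    Write-Host "[ ] Run value '$valueName' not found"
}

# 2. Main ransom note in the root of the home drive.
if (Test-Path -LiteralPath $notePath) {
    Write-Host "[!] Ransom note present: $notePath"
    if ($Remove) {
        Remove-Item -LiteralPath $notePath -Force
        Write-Host "    removed"
    }
} else {
    Write-Host "[ ] $notePath not found"
}

# 3. Extent of encryption: count .encrypted files under the user profile and show the
#    directories holding the most of them (each should also contain a per-folder note).
$encrypted = Get-ChildItem -Path $env:USERPROFILE -Recurse -File -Filter "*$ext" -ErrorAction SilentlyContinue
Write-Host "[i] $($encrypted.Count) files with $ext under $env:USERPROFILE"
$encrypted | Group-Object DirectoryName | Sort-Object Count -Descending | Select-Object -First 10 |
    ForEach-Object { Write-Host ("    {0,6}  {1}" -f $_.Count, $_.Name) }

# 4. Candidate executables: .exe files in the drop locations whose creation time lies
#    within an assumed two-hour window of the earliest encrypted file. The file name is
#    random, so timing is the most useful signal; the SHA-256 lets you check the sample
#    against a scanner or sandbox before deleting it by hand.
$firstHit = $encrypted | Sort-Object LastWriteTime | Select-Object -First 1
if ($firstHit) {
    $windowSeconds = (New-TimeSpan -Hours 2).TotalSeconds   # assumption, adjust as needed
    Write-Host "[i] Earliest $ext file: $($firstHit.LastWriteTime)  $($firstHit.FullName)"
    foreach ($dir in $dropDirs) {
        Get-ChildItem -Path $dir -File -Filter '*.exe' -ErrorAction SilentlyContinue |
            Where-Object {
                [math]::Abs(($_.CreationTime - $firstHit.LastWriteTime).TotalSeconds) -le $windowSeconds
            } |
            ForEach-Object {
                $hash = (Get-FileHash -Algorithm SHA256 -LiteralPath $_.FullName).Hash
                Write-Host "[?] candidate: $($_.FullName)  created $($_.CreationTime)  sha256 $hash"
            }
    }
}
```

Run it once without -Remove to see what it finds, end any suspicious process in the Task Manager, delete the executable you have confirmed, and only then run it again with -Remove to clear the Run value and the note. Do not delete the .encrypted files themselves; they are what a future decryptor would need.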